Revision as of 18:22, 2 August 2014

Welcome to the Milwaukee chapter homepage. Click here to join the local chapter mailing list.

Call For Papers

If you are a builder, breaker, or defender, we would love to have you share your knowledge with us. We may even hold a few meetings dedicated to FireTalk style presentations, so feel free to submit talks of any length. Additionally, if you would really like to learn about a specific topic, please feel free to share ideas with the group. Someone may already have experience and be willing to present. Email Us with your submission (it doesn't have to be anything too formal).

August 26th, 2014

September 30th, 2014

What: Talk: All of the bad things hackers can do to your unprotected mobile apps

Abstract: Recently, there has been a new addition to the OWASP Mobile Top Ten Risks. At AppSec California, OWASP debuted the 2014 list and briefly highlighted examples of threats in the new M10 category. In this talk, we discuss the new category in much more depth. This presentation educates the audience about the prevalence of binary risks in both iPhone and Android mobile apps. We will highlight mobile app risks that relate to this new category, as well as others, and how to leverage particular OWASP Projects for the solution. By the end of this talk, attendees will have a solid understanding of binary risk and how to begin thinking about solutions to these mobile app risks.

Who: Matt Clemens is a Security Solutions Architect for Arxan Technologies, focusing on application security. Before joining Arxan in 2013 Matt spent 20 years in a variety of roles in the semiconductor and embedded processor industries.

When: 6:00 PM

Where: MATC Campus (Room and Campus TBD)

Online Stream: TBD

July 29th, 2014: Informal dinner get together @Mo's Irish Pub with MilSec

June 24th, 2014: Informal dinner get together @Mo's Irish Pub with MilSec

Description: The OWASP Top Ten provides information about the most critical web application security flaws found on the internet. OWASP recently updated the list. This talk reviewed the 2013 OWASP Top Ten. There were plenty of demos to help explain the security flaws on the list.

October 29th, 2013: Informal dinner get together @Mo's Irish Pub

September 24th, 2013: Talk by Doug Rogahn: Low Tech Hacking

Description: Doug spoke about Low(er) Tech ways to hack and how to prevent physical security vulnerabilities. Your web server is only as secure as the place it is stored. This talk provided an opportunity to learn how to pick door locks, clone RFID cards, lift fingerprints for biometric readers, and escape from handcuffs (note: if you use your skills for good, you probably will never need this last skill. OWASP does not endorse criminal activity.)

Speaker Bio: Doug has worked as an Ethical Hacker and Application Penetration Tester for FIS for the last 3 ½ years. He has always had an interest in finding out how things work and finding interesting ways to accomplish tasks. He enjoys combining his knowledge of how things work to find unintended ways of bypassing safeguards. As an ethical hacker for FIS Doug has championed the cause of needing to test all possible entry points including physical security. He has been picking locks as a hobby for nearly 20 years but recently has brought his knowledge to the next level through additional training and practice.

Description: Zach demonstrated web application fuzzing techniques using Burp Intruder and fuzzdb. The techniques included parameter fuzzing, URL fuzzing, brute forcing, and results analysis. Zach showed how fuzzing can help zero in on application flaws quicker, making testing more efficient.

Speaker Bio: Zach Grace is the Manager of Penetration Testing and a penetration tester at 403 Labs. Zach spends most of his time exploring and exploiting client systems that range from large corporations and financial institutions, to universities and small mom and pop shops. Zach enjoys analyzing the subtle nuances of his penetration testing targets, so he can continue to challenge himself while evolving his techniques.

June 25th, 2013: Informal dinner get together @Mo's Irish Pub

May 28th, 2013: Talk by Neal Bridges: Ninja Tactics

Neal Bridges, a former Network Warfare Operator for the Air Force, a SANS instructor, and a Senior Network Penetration Tester at FIS will be talking about Ninja Tactics (i.e. covert hacking) and how to detect and avoid Ninjas in your network.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.